(ISC)2 increases the barrier to entry for CISSP credential

* CISSP candidates are required to have longer work experience

Security certification organization (ISC)2 has increased the requirements for its Certified Information Systems Security Professional (CISSP) certification for career security executives.

Effective Oct. 1, 2007, candidates will be required to have five years of relevant work experience in two or more of the 10 domains of the CISSP CBK, the organization’s common framework of information security terms and principles, or four years of work experience with an applicable college degree or a credential from the (ISC)2-approved list.

Currently, candidates are required to have four years of relevant work experience, or three years of experience with an applicable college degree or a credential from the (ISC)2-approved list, in one or more of the 10 CISSP CBK domains.

Also, a new requirement is an endorsement from an (ISC)2-certified professional “in good standing,” says (ISC)2. Currently, candidates can be endorsed by a manager at the candidate’s company, even though that individual may not be a security professional. Under the new rules, the endorser can hold any (ISC)2 certification, including CISSP, Systems Security Certified Practitioner (SSCP), or Certification and Accreditation Professional (CAP). This is to ensure the candidate is endorsed by someone who follows the (ISC)2 code of ethics, explains Sarah Bohne, (ISC)2 director of communications and member services.

As with current requirements, candidates are required to pass an exam on the CISSP CBK and subscribe to the code of ethics. Once certified, CISSPs must be re-certified every three years by earning continuing education credits.

Bohne says the move to increase the barrier to entry ensures the CISSP credential “remains the gold standard” for security professionals.

The new work experience requirement will not affect current holders of the CISSP credential or those scheduled to take the CISSP exam on or before Sept. 30, 2007.

According to (ISC)2, 49,214 individuals around the world have gained the CISSP certification since it was launched in 1989. It is aimed at practicing security professionals and is considered the gateway to chief information security officer roles. CISSPs are often seen at the top of many salary surveys.

Bohne acknowledges that the increased barrier to entry could shrink the pool of CISSPs in the world as fewer candidates would be eligible – which could also potentially drive up salaries as employers compete for the few certified individuals. Every month, (ISC)2 receives 1,100 applications for CISSP certifications around the world (and several thousand fail the exam each year). It will be interesting to see how the new requirements change these numbers.

Copyright © 2007 IDG Communications, Inc.
